Jackass of the Week: Kieren McCarthy

Tuesday, 26 September 2006

Brief Up-Front Interpolation Regarding the Discrepancy Between the Article’s Dual Byline and the Solo Honors for ‘Jackass of the Week’

The Techworld article is credited to the dual byline of “Jim Dalrymple, Macworld and Kieren McCarthy, Techworld”, but I suspected from the start that the objectionable aspects are entirely the work of McCarthy, and that Dalrymple’s name got dragged into this by whatever the rules are for dual-bylining when a Techworld writer runs something containing reporting from a Macworld writer.

[Update 27 September 2006: As of today, the article is now credited solely to Kieren McCarthy.]

I emailed Dalrymple to ask about his role in the Techworld article, and he responded: “Rest assured, John, not a word of the revised article was written or approved by me. I stand by the original article I wrote for Macworld.”

Jason Snell, editor-in-chief of Macworld, told me via email:

Just an official notice that Macworld does not endorse that Techworld
story, which was created by a Techworld writer with Jim’s name
attached. […]

We stand by our story; we wish Techworld would stand by theirs and
not misuse the name of our reporter on its snide opinion article
masquerading as news.

Hence I’m bestowing Jackass of the Week honors solely upon McCarthy. In fact, if anything, McCarthy deserves double jackass honors — once for the crummy article and again for putting Jim Dalrymple’s name on it.

Apple has patched a serious security hole in its WiFi driver,
despite disputing its existence last month.

A security and AirPort update for Mac OS X fixes holes found in
the company’s wireless drivers by a researcher at SecureWorks.
Despite claiming that the researcher was wrong and the drivers
were not in any way vulnerable, the patch covers the self-same
problem.

Apple’s statements on this topic last month, as reported by Dalrymple himself in Macworld — and not only reprinted in Techworld, but linked to in this very article (see “claiming”, above) — were very precise: Apple denied only that SecureWorks had provided them with evidence of Wi-Fi flaws affecting Apple products. No one from Apple said anything, one way or the other, about whether the company was aware of any such flaws.

(And Apple certainly didn’t deny that any such flaws existed — that would be a reckless statement under any conditions. Even if you’re not aware of any flaws, it’s impossible to know whether there exist flaws you aren’t aware of. It’s the difference between “known unknowns” and “unknown unknowns”, in Rumsfeld-ese.)

There is no evidence whatsoever that last week’s security updates cover the “self-same problem” demonstrated by David Maynor and Jon Ellch at August’s Black Hat conference — and Apple has specifically denied that they do.

Next paragraph:

The company changed its tune over the hole, complaining that
SecureWorks had not given it sufficient information and so it
had in fact discovered the problem itself.

There has been no tune-changing at all — Apple claimed a month ago that they had received no evidence of flaws in their products from SecureWorks, and they claimed the same thing last week after releasing the updates.

Next paragraph:

SecureWorks researcher David Maynor and “Johnny Cache”
demonstrated the vulnerability — where a hole in Apple’s
MacBook wireless software driver allows a hacker to take
control of the machine — at the Black Hat conference in
August. Maynor said at the time that they had demoed the flaw
on the Mac because of the “Mac user base aura of smugness on
security”.

Maynor and Ellch’s demonstration at Black Hat was explicitly regarding a third-party card and driver. It remains a central question in the saga whether they have also discovered a similar vulnerability in Apple’s built-in AirPort drivers, but one fact that is undisputed by anyone is that their public demonstration did not involve Apple’s card or driver. Undisputed.

Next paragraph:

That smugness was nowhere to be seen yesterday as Apple
informed the faithful that it personally had discovered the
problem that wasn’t a problem anyway because no one had
exploited it — except for the two people up on stage at the
Black Hat conference, that is.

Again, wrong. For one thing, Maynor and Ellch demonstrated no such thing while on stage. Famously, they presented their exploit demonstration on video, so as to prevent anyone in attendance from recording the Wi-Fi network packets to copy the attack. And their videotaped exploit was explicitly an attack against a non-Apple card and non-Apple driver.

Again, wrong. McCarthy apparently only read the description of the first of the three issues addressed in last week’s update. The first of the three issues does not affect Intel-based Mac Minis, MacBooks, and MacBook Pros, but that’s because those three Macs use a different AirPort card; the other two AirPort issues addressed last week do affect these Macs.

Amazingly, not only does every single paragraph of this article contain at least one factual error, but even the errors reported within the article itself contradict each other. In the fourth and fifth paragraphs, McCarthy claims that last week’s Apple security update addresses an issue exposed by Maynor and Ellch’s Black Hat demonstration against a MacBook. In the next and final paragraph, McCarthy claims the security update does not affect MacBooks or MacBook Pros.